Trevor McDonald
Details
Computer Forensics
Century College
2009 : 2012
North High School
2005 : 2009
- Manage third-party penetration testing including planning, scheduling, overseeing, and report processing.
- Assist blue team with investigation, remediation, and verification of report findings.
- Develop and improve processes and procedures, documentation, and custom internal tooling.
2021 : Present
Surescripts
Senior Information Security Testing Analyst
- Perform internal and external penetration tests, covering web, API, and network testing primarily.
2019 : 2021
Surescripts
Information Security Testing Analyst
My business partner and I co-founded Gray Duck DevOps in order to provide IT consulting services to the Twin Cities area.
2017 : 2020
Gray Duck DevOps
Co-Founder and CIO
As a Security Consultant, my primary focus is on discovering, exploiting, and documenting weaknesses in client environments, be they virtual or physical, in order to help improve their defensive posture. This is commonly referred to as Penetration testing or pentesting for short. Other related responsibilities fall into the vulnerability assessment and redteaming buckets.
In non-marketing speak, this means I make my living hacking things (legally).
In addition to the traditional penetration testing role, I support RedTeam by acting as a mix of developer, sysadmin, and operations internally. My background in DevOps has helped greatly with automating internal processes and providing quick fixes in code as situations arise.
2018 : 2019
RedTeam Security
Security Consultant
Automation/DevOps, security, technical training, and Support Team Lead.
Most of my days were spent identifying business processes that were prime targets for automation, working with whichever department to formalize and diagram the process, then automating some or all of it in code. In doing so I had also helped discover unhandled edge cases, as well as clarifying the workflow for members of the team.
As the de facto security guru, I acted as point-of-contact for their security@ email address, investigating all reported vulnerabilities, as well as providing their developers with recommended fixes, and testing the patches before they were released. I maintained a line of communication with the reporters from initial contact to resolution.
I provided technical training primarily to new support staff, but also to sales and marketing team members as part of their onboarding and continuing education. I made myself available in-person a few times per week to address any pending technical questions. I also occasionally hosted a lunch and learn where I invited anyone who was interested to have lunch in the conference room while I gave a short presentation on a technical topic - I had covered HA solutions and an overview of automation tools.
Finally, as Support Team Lead I carried many of the responsibilities that I did as Support Manager, minus the payroll and other managerial tasks. Day-to-day I focused on helping keep the workload reasonable, and performing ongoing guidance as new situations arose.
2017 : 2018
Nagios Enterprises, LLC
Operations Engineer
Skills
Ansible, Arduino, Bash, C, C++, CentOS, Computer Forensics, Computer Hardware, Computer Security, Electrical Engineering, Incident Management, Information Security, Jenkins, Linux, Linux System Administration, Management, MySQL, Nagios, Network Administration, Networking, Network Monitoring Tools, Network Security, OTRS, Perl, PHP, RHEL, RPM, Shell Scripting, Software Installation, System Administration, Testing, Windows Server
About
Penetration Tester and Computer Forensics graduate with a diverse skillset including information security, Linux administration, software engineering, management, and customer care. Information security experience includes both consulting for a broad range of sectors and as FTE at a HIPAA org. Freelance penetration testing and consulting in my spare time, primarily web-based and internal network. Wireless pentest proficiency and gear on-hand. Volunteer work includes co-heading a local monthly security meetup.
Profile Photo
